Welsh Teenager Faces Jail after cracking Credit Card Security
Merthyr Tydfil (21.04.01)
A 19-year old youth from Carmarthen, West Wales, appeared in Merthyr
Crown Court for sentencing after pleading guilty to charges of obtaining
goods and services by deception.
The case was ajourned for medical reports. The judge made clear that a
prison sentence was a possible outcome.
Credit Card Details Published on the Internet
The youth was arrested after an international investigation, led by
the American FBI, into
the origin of credit card details, which had been published on the internet.
The trail led to the bedroom of Raphael Gray of Clynderwen, Carmarthen. The
youth - who was described in court as "disturbed" - had been engaging in what
he saw as a "crusade" against security loopholes in e-commerce.
He had obtained access to the databases of companies in Canada, the United
States and Britain and obtained details of some 23,000 credit cards.
Viagra for Bill Gates
Gray had pleaded guilty, having obtained computer equipement with some of
the credit card details.
He engaged in other transactions of a more altruistic nature. Bill Gates,
whose systems had provided inadequate defence, received a supply of viagra.
The judge observed that the guilty plea had deprived him of one of the more
interesting cases he was likely to hear.
Like entering through an open window
Gray said that he did not consider himself as gaining unauthorised access,
because at no time did messages to that effect appear on the screen.
The prosecution compared this to claiming that burglary was not burglary
just because access was gained through an open window.
Is there anyone else out there?
Newspaper stories have concentrated on the personality of the youth
concerned.
Clearly the story begs the question, if a 19-year old in Carmarthenshire
can obtain details sufficient to make unauthorised purchases on credit
cards, who else can?
Whilst the stories stressed the damages to the companies, it could be
considered that with the fraudulent purchase of just over £1000 worth
of computer equipment and a supply of viagra, they got off extraordinarily
lightly.
Update (6.7.01) Gray Gets Community Service - and Psychatric Care Order
Swansea Crown Court spared Raphael Gray from going to prison, but ordered
that he should be subject to psychiatric rehabilitation in addition
to doing communtity service.
He admitted offences under the Misuse of Computers Act as a result of entering
commerical websites without permission. He also admitted to receiving goods
and services worth £1800 with the information obtained.
"I don't regret what I did. I regret the way I went about it." He believes
that he was completely justified in exposing the weaknesses in the security
surrounding credit card transactions on the Internet.
The story did have one fortunate outcome for the Carmarthen teenager. The
private security firm, employed by the Royal Canadian Mounted Police, which
track him down has offered him a job testing the security of commercial
websites.
This Website contains information from a variety of sources. References on
this site to individuals and organisations does not imply a support on their
part for net-cymru - see
Site Objectives and Policies